[server] Clamp step-down stamp ack timeout to non-negative at config-read time

sushantmane · sushantmane · commit 078eb220f0e6 · 2026-05-15T02:03:53.000-07:00
Addresses Copilot review comment: a misconfigured negative ack-timeout would
make CompletableFuture.get(long, TimeUnit) return immediately or, on some
JDKs,
throw IllegalArgumentException - neither is what we want in the demotion
handler. Clamp the value to Math.max(0, raw) at config-read time so the
emit path can call get() unconditionally without a defensive guard at every
call site. Zero still works (no-wait poll), which is the operator's choice.

Testing Done
  - testVeniceWriterInProcessConsumerAction passes (3.1 s).
  - No behavior change for the default 1000 ms value.
diff --git a/clients/da-vinci-client/src/main/java/com/linkedin/davinci/config/VeniceServerConfig.java b/clients/da-vinci-client/src/main/java/com/linkedin/davinci/config/VeniceServerConfig.java
@@ -1282,8 +1282,16 @@ public VeniceServerConfig(VeniceProperties serverProperties, Map<String, Map<Str
         serverProperties.getBoolean(SERVER_LEADER_HANDOVER_EMIT_STEPDOWN_STAMP, false);
     this.leaderHandoverConsumeStepDownStamp =
         serverProperties.getBoolean(SERVER_LEADER_HANDOVER_CONSUME_STEPDOWN_STAMP, false);
+    /*
+     * Clamp to a non-negative value at read time so that the stamp emit path can call
+     * CompletableFuture#get(long, TimeUnit) unconditionally without having to defend against a
+     * misconfigured negative timeout (which would otherwise either return immediately or, in
+     * some JDK versions, throw IllegalArgumentException — neither is desirable in the demotion
+     * handler). A zero value still works: get(0, MILLISECONDS) attempts a no-wait poll and
+     * times out immediately if the produce hasn't acked, which is the operator's choice.
+     */
     this.leaderHandoverEmitStepDownStampAckTimeoutMs =
-        serverProperties.getLong(SERVER_LEADER_HANDOVER_EMIT_STEPDOWN_STAMP_ACK_TIMEOUT_MS, 1000L);
+        Math.max(0L, serverProperties.getLong(SERVER_LEADER_HANDOVER_EMIT_STEPDOWN_STAMP_ACK_TIMEOUT_MS, 1000L));
     this.serverIngestionInfoLogLineLimit = serverProperties.getInt(SERVER_INGESTION_INFO_LOG_LINE_LIMIT, 20);
     this.parallelResourceShutdownEnabled =
         serverProperties.getBoolean(SERVER_PARALLEL_RESOURCE_SHUTDOWN_ENABLED, false);
